Click here for "Safe Air Conditioner Repair and Proper Freon Recovery".

OpenSUSE15.3 ; Firewall , SSH、NTP

1.Setting up a remote connection using SSH

SSH is a service to connect to a server remotely, basically running right after the OS installation, but the default settings are somewhat insecure.
Configure settings to increase the security of ssh connections.

1.1 Change the configuration file of SSH service.

The configuration file for the SSH service is "/etc/ssh/sshd_config".

①Find "Port 22" and change it to any port number other than Wernon-port.
This time, we'll change it to "Port 2244" and proceed.(Simply changing this port number can reduce unauthorized access.)

②Find "#ListenAddress 0.0.0.0" and delete the "#" in front of it
③Look for "#PermitRootLogin yes" and change it to "PermitRootLogin no"

Restart SSH

The next time you reboot, you will not be able to connect remotely via SSH, so release SSH port 2244 in the next firewall setting.

2.How to set up a firewall (firewalld)

In openSUSE, the firewall is set to firewalld by default and is enabled during OS installation.

2.1 How to use the firewall-cmd command to control "firewalld".

1)Command to check the status and settings of firewalld

①Check firewalld operation status

If "firewalld" is running, "running" will be displayed; if it is not running, "not running" will be displayed.

or

➁Show default zone settings
In the above example, the "public" zone is set to "default".
You can see that it is assigned to NIC "eth0" and that the services "dhcpv6-client" and "ssh" are allowed.

➂Show the settings for the specified zone.

The following example shows how to display the settings for the "dmz" zone

④About the "--permanent" option
In order to prevent the settings from being lost when the server is restarted or the "firewalld" service is restarted
In order to prevent the settings from being lost when the server is restarted or the "firewalld" service is restarted, the "--permanent" option must be used to configure the settings.
If the "--permanent" option is specified, the configuration will not be reflected in "firewalld" as it is, so it is necessary to reflect the configuration using "fiewall-cmd --reload".

As an example, the HTTP service will not be initialized even if the system is restarted, and will be permanently used.

⑤Adding and removing services to and from a zone

To add an already defined service to the zone, use "-add-service" to specify the service
# firewall-cmd [--permanent] --zone=Zone name --add-service=Service Name

Configuration example for adding a temporary service

Configuration example for permanently adding a service

Example of adding the "http" service to the "public" zone with the "--permanent" option

⑥service deletion

Use "--remove-service" to remove a service configured for a zone
# firewall-cmd [--permanent] --zone=Zone name--remove-service=Service Name
Remove the "http" service from the "public" zone as an example

⑦Add or remove ports to a zone
To add communication that is not defined as a service to the zone, add it by specifying the port number and protocol

Add a port by specifying a zone

Use "--add-port" to add a port to the zone
# firewall-cmd [--permanent]--zone=Zone name --add-port=Port number/protocol
Configuration example
Added rules for port number 10022 and protocol TCP in the "public" zone.

Deleting a port by specifying its zone

Use "--remove-port" to remove a port from a zone
#  firewall-cmd [--permanent]--zone=Zone name --remove-port=Port number/protocol
Configuration example
Delete the "10022/tcp" rule in the "public" zone

⑧How to start and stop

Since firewalld is controlled by systemd, use the systemctl command to start and stop it.

2.2 Release the modified SSH port 2244.

3.Connect remotely from Windows

Setting up in Windows
Use "Tera Term" as a terminal emulator
Start Tera Term, cancel the startup screen, and then select "New Connection" from "File" in the Tera Term menu.

Enter the following information on the following screen
Host : IP address of the server
TCP port : SSH port number changed above

You will get to the next screen
User name : General login user name
Passphrase : Password for the above user

If the information is correct, you should be able to log in normally as shown below.

4. NTP サーバーの設定

Install Chrony and build an NTP server for time synchronization. Note that NTP uses 123/UDP.

4.1 Chrony install

4.2 Configuring Chrony

4.3 Open the NTP port.

4.4 Operation check

タイトルとURLをコピーしました